VIRY.CZ

Při dnešním zapnutím ntb. nenaběhla síťová připojení. Po chvilce vyhodí Comodo chybovou hlášku "Comodo Application Agent not running!" Log z RSIT jsem musel vytvořit z nouzového režimu, ntb. po hlášce comoda vždy zamrzne.
Vůbec netuším co s tím. Zkoušel jsem bod obnovení, ale je to to samé.

Zde je log z RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-05-21 18:31:11
Microsoft Windows XP Home Edition Service Pack 3
System drive E: has 3 GB (10%) free of 30 GB
Total RAM: 1919 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:23, on 21.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Safe mode with network support

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\instal\RSIT.exe
E:\Program Files\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [HControl] E:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] E:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [Wireless Console 2] E:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACU] "E:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Control Center] E:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DataLayer] E:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] E:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Atheros Configuration Service (ACS) - Atheros - E:\WINDOWS\system32\acs.exe
O23 - Service: ASWLSVC - Unknown owner - E:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - E:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6364 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - E:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - E:\Program Files\ICQToolbar\toolbaru.dll [2005-01-19 446464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControl"=E:\WINDOWS\ATK0100\HControl.exe [2006-10-14 110592]
"RemoteControl"=E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=E:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"NeroFilterCheck"=E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-26 161328]
"RTHDCPL"=E:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"SkyTel"=E:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"SMSERIAL"=E:\WINDOWS\sm56hlpr.exe [2006-03-21 544768]
"Wireless Console 2"=E:\Program Files\Wireless Console 2\wcourier.exe [2005-10-17 987136]
"ACU"=E:\Program Files\Atheros\ACU.exe [2006-11-17 348249]
"Control Center"=E:\Program Files\ASUS\WLAN Card Utilities\Center.exe [2006-11-10 1725440]
"avast!"=E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"COMODO Firewall Pro"=E:\Program Files\Comodo\Firewall\CPF.exe [2008-06-01 1115728]
"Adobe Reader Speed Launcher"=E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"DataLayer"=E:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE [2004-09-23 1019392]
"PCSuiteTrayApplication"=E:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE [2004-09-15 148992]
"QuickTime Task"=E:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"DAEMON Tools"=E:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=E:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"=E:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [2007-03-26 16432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
E:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\QIP\qip.exe"="E:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"F:\games\CS 1.6\hl.exe"="F:\games\CS 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\WINDOWS\system32\dpvsetup.exe"="E:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"E:\instal\totalcmd\TOTALCMD.EXE"="E:\instal\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"E:\Program Files\CesarFTP\Server.exe"="E:\Program Files\CesarFTP\Server.exe:*:Enabled:Server"
"F:\games\CS 1.6\cstrike.exe"="F:\games\CS 1.6\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"E:\Program Files\Mozilla Firefox\firefox.exe"="E:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"E:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="E:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\SETUP.EXE

======List of files/folders created in the last 1 months======

2010-05-21 18:24:58 ----D---- E:\rsit
2010-05-21 18:02:17 ----D---- E:\WINDOWS\LastGood.Tmp
2010-05-21 17:38:59 ----A---- E:\WINDOWS\ntbtlog.txt
2010-05-03 00:11:17 ----A---- E:\WINDOWS\PhotoNow.INI
2010-04-29 17:40:51 ----D---- E:\Program Files\PDFCreator

======List of files/folders modified in the last 1 months======

2010-05-21 18:31:13 ----D---- E:\Program Files\HijackThis
2010-05-21 18:27:45 ----A---- E:\WINDOWS\wincmd.ini
2010-05-21 18:20:25 ----D---- E:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-05-21 18:17:34 ----D---- E:\WINDOWS\Temp
2010-05-21 18:16:03 ----D---- E:\WINDOWS\system32
2010-05-21 18:16:03 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2010-05-21 18:16:01 ----D---- E:\WINDOWS\system32\CatRoot
2010-05-21 18:15:58 ----D---- E:\WINDOWS\system32\CatRoot2
2010-05-21 18:04:12 ----D---- E:\WINDOWS
2010-05-21 18:03:45 ----D---- E:\WINDOWS\system32\config
2010-05-21 18:03:27 ----D---- E:\WINDOWS\system32\wbem
2010-05-21 18:03:27 ----D---- E:\WINDOWS\Registration
2010-05-21 18:03:17 ----HD---- E:\WINDOWS\inf
2010-05-21 18:02:23 ----RSHDC---- E:\WINDOWS\system32\dllcache
2010-05-21 18:02:23 ----D---- E:\Program Files\Outlook Express
2010-05-21 18:02:16 ----D---- E:\instal
2010-05-21 18:02:14 ----D---- E:\Program Files\Mozilla Firefox
2010-05-21 18:02:09 ----D---- E:\Program Files\CCleaner
2010-05-21 18:01:49 ----D---- E:\WINDOWS\system32\drivers
2010-05-21 17:35:36 ----D---- E:\WINDOWS\Prefetch
2010-05-20 23:43:21 ----A---- E:\WINDOWS\SchedLgU.Txt
2010-05-20 16:03:39 ----D---- E:\WINDOWS\system32\ias
2010-05-13 21:31:28 ----D---- E:\WINDOWS\Debug
2010-05-12 16:05:57 ----HD---- E:\WINDOWS\$hf_mig$
2010-05-12 16:04:02 ----A---- E:\ASWL2K.ini
2010-05-03 00:12:06 ----D---- E:\Program Files\Yahoo!
2010-04-29 17:53:31 ----SHD---- E:\WINDOWS\Installer
2010-04-29 17:53:28 ----RD---- E:\Program Files
2010-04-29 17:53:28 ----D---- E:\WINDOWS\WinSxS
2010-04-29 17:52:42 ----D---- E:\Config.Msi
2010-04-29 17:51:08 ----D---- E:\download

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; E:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 CmdMon;Comodo Application Engine; E:\WINDOWS\System32\DRIVERS\cmdmon.sys [2008-06-01 75520]
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter; E:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-08-14 27776]
R3 BCM43XX;Ovladač síťového adaptéru ASUS 802.11; E:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 dtscsi;dtscsi; E:\WINDOWS\System32\Drivers\dtscsi.sys [2007-09-14 223128]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; E:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; E:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 Aavmker4;avast! Asynchronous Virus Monitor; E:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
S1 aswSP;avast! Self Protection; E:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
S1 intelppm;Řadič procesoru Intel; E:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 kbdhid;Ovladač klávesnice standardu HID; E:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; E:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; E:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-09-17 20747]
S2 aswFsBlk;aswFsBlk; E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
S2 aswMon2;avast! Standard Shield Support; E:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\E:\WINDOWS\ATK0100\ASNDIS5.SYS []
S3 aswRdr;aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
S3 ati2mtag;ati2mtag; E:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
S3 CCDECODE;Dekodér Closed Caption; E:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CmBatt;Microsoft AC Adapter Driver; E:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
S3 k750bus;Sony Ericsson 750 driver (WDM); E:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; E:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; E:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; E:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; E:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MODEMCSA;Unimodem Streaming Filter Device; E:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; E:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; E:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; E:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; E:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; E:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
S3 RTSTOR;USB Mass Stroage Device; E:\WINDOWS\system32\drivers\RTSTOR.SYS []
S3 Ser2pl;CA-422 Serial port driver; E:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-03-19 43264]
S3 SLIP;BDA Slip De-Framer; E:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smserial;smserial; E:\WINDOWS\system32\DRIVERS\smserial.sys [2006-03-21 889472]
S3 streamip;BDA IPSink; E:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SynMini;USB2.0 1.3M WebCam; E:\WINDOWS\System32\Drivers\SynMini.sys [2006-08-09 1116544]
S3 SynScan;USB2.0 1.3M WebCam Still Image; E:\WINDOWS\System32\Drivers\SynScan.sys [2006-08-09 7808]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; E:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 tosporte;Bluetooth Port Driver from Toshiba; E:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-04-19 47488]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; E:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-05-18 110976]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; E:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; E:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-05-09 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; E:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; E:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 Tosrfusb;Bluetooth USB Controller; E:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-05-09 40192]
S3 upperdev;upperdev; E:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;USB Modem Driver; E:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; E:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 Wdf01000;Kernel Mode Driver Frameworks service; E:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; E:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSIMD;wsimd Service; E:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 54432]
S3 WSTCODEC;Dálnopisný kodek světového standardu; E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ACS;Atheros Configuration Service; E:\WINDOWS\system32\acs.exe [2006-11-17 360533]
S2 ASWLSVC;ASWLSVC; E:\WINDOWS\system32\ASWLSVC.exe [2004-05-06 496640]
S2 aswUpdSv;avast! iAVS4 Control Service; E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
S2 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [2007-02-02 446464]
S2 avast! Antivirus;avast! Antivirus; E:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S2 CmdAgent;Comodo Application Agent; E:\Program Files\Comodo\Firewall\cmdagent.exe [2008-06-01 361040]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; E:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); E:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-09-29 266343]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; E:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-26 779824]
S3 NMIndexingService;NMIndexingService; E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-26 267824]
S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; E:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; E:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Nic nebezpečného nevidím. Zkuste nastartovat do nouz. režimu, tam Comodo odinstalovat a po restartu se pokuste dostat do normálního režimu.

Comodo jsem odinstaloval v nouzovém režimu ovšem síťová připojení ani manažer bezdrátových sítí nenaběhl(ani po restartu). (Jsem tu přes stolní PC)
Vyčistil jsem registry CCleanerem, na spodní liště nejsou vidět minimalizované programy. Ntb. je celkově zpomalený. Při spouštění avastu se počáteční test operační paměti zasekne na "aswlsvc.exe"

Teď, po odinstalaci, zkuste obnovu sytému k datu, kdy korektně fungoval. Pokud by to nepomohlo, udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Systém jsem obnovil, COMODO je zpět ovšem opět vyhazuje hlášku a problémy popsané výše přetrvávají. Systém již nejde korektně vypnout ani restartovat, po zmizení všech ikon a spodní lišty sestrvává obrazovka na prázné ploše.
MBAM jsem nainstaloval ovšem klasickém režimu vyhazoval chybu runtime error "0" a "404". V nouzovém režimu sken MBAM proběhl a zde je info z protokolu:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

21.5.2010 20:38:52
mbam-log-2010-05-21 (20-38-52).txt

Typ skenu: Úplný sken (E:\|F:\|)
Skenované objekty: 208264
Uplynulý čas: 28 minuta(y), 48 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 4

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
E:\instal\Malwarebytes_Anti-Malware_v1.30_portable_www.softarchive.net\Malwarebytes Anti-Malware_v1.30_MultiLang_portable\MalwarebytesPortable\MalwarebytesPortable.exe (Dont.Steal.Our.Software.A) -> No action taken.
E:\instal\TC655B3\Patch\Patch.exe (Malware.Packer.Gen) -> No action taken.
E:\Documents and Settings\Owner\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
E:\WINDOWS\system32\config\systemprofile\Data aplikací\fvgqad.dat (Malware.Trace) -> No action taken.

V nouzovém režimu jde spustit i avast a ten detekuje:

E:\WINDOWS\system32\aswlsvc.exe
Win32:Rootkit-gen[Rtk]
Typ malware: Rootkit

Toto smažte:

E:\instal\TC655B3\Patch\Patch.exe
E:\Documents and Settings\Owner\Data aplikací\avdrn.dat
E:\WINDOWS\system32\config\systemprofile\Data aplikací\fvgqad.dat

Comodo je nutné odinstalovat. Pak dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Provedl jsem. Zdá se, že to zabralo, Daemon vyhodí ovšem po přihlášení a startu systému tuto hlášku

Obrázek

a avast mi teď sám hlásí virus:
E:\WINDOWS\system32\aswlsvc.exe
Win32:Rootkit-gen[Rtk]
Typ malware: Rootkit

log:

ComboFix 10-05-20.A4 - Owner 21.05.2010 22:52:55.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1919.1414 [GMT 2:00]
Spuštěný z: e:\documents and settings\Owner\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100520-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\system32\Drivers\jger.sys

Nakažená kopie e:\windows\system32\drivers\ntfs.sys byla nalezena a vyléčena.
Obnovena kopie z - e:\windows\erdnt\cache\ntfs.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-21 do 2010-05-21 )))))))))))))))))))))))))))))))
.

2010-05-21 20:17 . 2010-04-29 13:39 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-05-21 20:17 . 2010-04-29 13:39 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-05-21 17:53 . 2010-05-21 20:17 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-05-21 17:47 . 2010-05-21 17:47 -------- d-----w- e:\windows\system32\wbem\Repository
2010-05-21 16:24 . 2010-05-21 16:31 -------- d-----w- E:\rsit
2010-04-29 15:40 . 2010-04-29 15:48 -------- d-----w- e:\program files\PDFCreator

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 20:52 . 2006-03-02 12:00 79440 ----a-w- e:\windows\system32\perfc005.dat
2010-05-21 20:52 . 2006-03-02 12:00 432516 ----a-w- e:\windows\system32\perfh005.dat
2010-05-21 17:46 . 2008-03-19 18:25 -------- d-----w- e:\program files\CCleaner
2010-05-02 22:12 . 2008-03-19 18:26 -------- d-----w- e:\program files\Yahoo!
2010-03-11 12:36 . 2006-03-02 12:00 832512 ----a-w- e:\windows\system32\wininet.dll
2010-03-11 12:36 . 2006-03-02 12:00 78336 ----a-w- e:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2006-03-02 12:00 17408 ------w- e:\windows\system32\corpol.dll
2010-03-09 11:11 . 2006-03-02 12:00 430080 ----a-w- e:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- e:\windows\system32\drivers\mrxsmb.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- e:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- e:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSTPE"="e:\windows\system32\ASUSTPE.exe" [2006-10-14 69632]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="e:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"RemoteControl"="e:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="e:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="e:\windows\sm56hlpr.exe" [2006-03-21 544768]
"Wireless Console 2"="e:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ACU"="e:\program files\Atheros\ACU.exe" [2006-11-17 348249]
"Control Center"="e:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-11-10 1725440]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"DAEMON Tools"="e:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="e:\program files\Java\jre1.6.0_03\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\QIP\\qip.exe"=
"f:\\games\\CS 1.6\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\instal\\totalcmd\\TOTALCMD.EXE"=
"e:\\Program Files\\CesarFTP\\Server.exe"=
"f:\\games\\CS 1.6\\cstrike.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [2.4.2008 14:52 114768]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 14:52 20560]
R3 SynMini;USB2.0 1.3M WebCam;e:\windows\system32\drivers\SynMini.sys [9.8.2006 14:15 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;e:\windows\system32\drivers\SynScan.sys [9.8.2006 14:15 7808]
S3 MBAMSwissArmy;MBAMSwissArmy;e:\windows\system32\drivers\mbamswissarmy.sys [21.5.2010 22:17 38224]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [14.9.2007 11:46 642560]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: &ICQ Toolbar Search - e:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - e:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\ee4b5d4m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: e:\program files\DivXwebplayer\DivX Web Player\npdivx32.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
HKLM-Run-COMODO Firewall Pro - e:\program files\Comodo\Firewall\CPF.exe
AddRemove-COMODO Firewall Pro - e:\program files\Comodo\Firewall\fwconfig.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-21 22:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(828)
e:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(524)
e:\progra~1\WINDOW~2\wmpband.dll
e:\windows\system32\WPDShServiceObj.dll
e:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
e:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\system32\Ati2evxx.exe
e:\windows\system32\Ati2evxx.exe
e:\program files\Alwil Software\Avast4\aswUpdSv.exe
e:\program files\Alwil Software\Avast4\ashServ.exe
e:\windows\RTHDCPL.EXE
e:\program files\Common Files\LightScribe\LSSrvc.exe
e:\program files\CyberLink\Shared Files\RichVideo.exe
e:\progra~1\Nokia\NOKIAP~2\TRAYAP~1.EXE
e:\windows\ATK0100\ATKOSD.exe
e:\program files\Alwil Software\Avast4\ashMaiSv.exe
e:\program files\Alwil Software\Avast4\ashWebSv.exe
e:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-05-21 23:02:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-21 21:02

Před spuštěním: 2 990 505 984
Po spuštění: 2 957 144 064

- - End Of File - - 0EB0468A299BFF74E035E613E1B0E93C

1 položka smazána a 1 soubor byl nahrazen ze zálohy. Zbytek logu vypadá čistý. CF DT a jiné programy na emulování mechanik nesnáší. Musí se odinstalovat a po skončení akce CF opět nainstalovat.

Ok a co myslíte s tím aswlsvc.exe, mám avastu věřit a smazat to?
A mohu nainstalovat znovu Comodo firewall ?

Aswlsvc.exe patří nějakému softu od Asus. Pro jistotu bych soubor zkontroloval Online na www.virustotal.com . Avast občas mívá falešné poplachy. také Comodo má na některých instalacích s Avastem problém. Vyzkoušel bych raději jiný firewall.

Po otestování se zdá, že to je opravdu planý poplach. Je nějaký firewall který byste mi doporučil? Kerio už jsem měl a s Avastem mělo také problém. Díky moc.

Vyzkoušejte ZoneAlarm: http://www.stahuj.centrum.cz/internet_a ... zonealarm/ . Nemáte zač!

VIRY.CZ

Chybová hláška COMODA a ntb. zamrzá

Chybová hláška COMODA a ntb. zamrzá

Re: Chybová hláška COMODA a ntb. zamrzá

Re: Chybová hláška COMODA a ntb. zamrzá

Re: Chybová hláška COMODA a ntb. zamrzá

Re: Chybová hláška COMODA a ntb. zamrzá

Re: Chybová hláška COMODA a ntb. zamrzá

Re: Chybová hláška COMODA a ntb. zamrzá

Re: Chybová hláška COMODA a ntb. zamrzá

Re: Chybová hláška COMODA a ntb. zamrzá

Re: Chybová hláška COMODA a ntb. zamrzá

Re: Chybová hláška COMODA a ntb. zamrzá

Re: Chybová hláška COMODA a ntb. zamrzá